Connecticut to beef up cybersecurity in advance of general election

In advance of the Nov. 6 election, Connecticut plans to provide cybersecurity training to all local election officials and hire IT professionals to assess vulnerabilities within voter registration lists maintained at the local level, using money from a $5 million federal election security grant.

In March, Congress approved $380 million in election technology funding for states across the country to increase election security. Connecticut received its funding about two weeks ago, after its plan for how it intends to use the funds was approved, Secretary of the State Denise Merrill said. She convened a taskforce earlier in the year to come up with ideas for how to use the money, much of which won't be spent until well after Election Day.

The state has until September 2023 to use the money. It must match 5 percent of the federal money, or $256,027, within two years of receiving it. The state match already has been approved, and about $90,000 already has been spent for hardware maintenance of Connecticut's voting system. Another $99,000 is slated for a cybersecurity upgrade to the state's centralized voter registration system. The state has not yet decided what to spend the remaining portion of its money on.

Merrill said she sees the biggest threat as someone hacking into Connecticut's voter registry system and making changes with the intention of causing chaos on Election Day. The state houses the system and each town has a connection to it, she explained. The state will hire IT professionals to go to towns and cities across the state to check their systems, make sure they're secure and help with any firewall protections that might be needed.

"We have 169 cities and towns and, as you can imagine, there's a vast difference between the capacities of these different municipalities," Merrill said. "Some of them are tiny and don't even have an IT person on staff."

Connecticut was one of 21 states notified last fall by federal officials that Russian hackers targeted its online voter registration system during the 2016 election. The hackers scanned but did not breach the system, according to Merrill, who has said that this November's election will be one of the most closely watched.

It took a year after the 2016 election for Merrill to be notified that Connecticut was one of the states targeted by Russian hackers.

Merrill is among state election officials across the country who have received a secret security clearance from the Department of Homeland Security so that she can review classified information about cyberthreats to Connecticut's election system.

Noting that she went to a secure briefing recently, Merrill said, "I get updates on what threats are out there maybe, and what the current status is, and those are going to be on my desk on a weekly basis as we get closer to the election, so communication has greatly improved."

In advance of the election, cybersecurity training will be provided to all registrars of voters to make sure they are using best practices.

Connecticut's decentralized election system makes it difficult to hack but also makes coordination more difficult. Since voting is done by paper ballots, and voting machines are not connected to the Internet, Connecticut's system is relatively secure.

Going forward, the state is planning to spend about $1 million to buy additional voting equipment, given that the current equipment is dated.

"We're happy with the current system we have, at least for the moment, because it has paper ballots. It's not connected to the Internet," Merrill said. "We're continuing to use them but we're getting concerned about age, so we're planning to buy a group of replacement tabulators that we can bring in as needed."

The state also plans to hire a full-time cybersecurity consultant to work for four years to evaluate its election security and develop an incident response plan, and is allocating $600,000 over the four years for that work.